Hi Team,
We got to know that to enable peers in HA proxy we need to enable the flag net.ipv4.ip_nonlocal_bind in server.
With this flag, HA proxy server are able to bind each other to enable peers with non-local IP address and everything is working as expected.
However my security team did the analysis and found few security issue if we enable this flag :-
1 Unauthorized Binding
2 IP Spoofing
3 Service Conflicts
4 Network Traffic Exposure
5 Increased Attack Surface
So now we are worried to use this flag but without this HA proxy peers is not working as we were getting error that cannot bind socket (Address not available).
Hence looking for an alternate solution if we have anything on this ?
1 post - 1 participant